Scam text messages
A new, sophisticated scam is targeting iPhone users with fake PayPal billing alerts sent directly from Apple's servers. These fraudulent messages appear as legitimate iCloud Calendar invites, luring victims to call a fake support number.

A wave of fear and confusion is sweeping through the iPhone community as a new, highly deceptive scam emerges. This isn't a typical phishing attempt; it's a cunning fraud that weaponises Apple's own infrastructure.

This new threat, which targets unsuspecting users with a terrifying message — 'Your PayPal Has Been Billed $599' — is leaving many questioning the very security of their devices and the platforms they trust.

New Scam Uses Fake Purchase Emails

Hackers are sending out fraudulent emails that mimic purchase confirmations from the tech giant, according to a report by Bleeping Computer. This warning was issued after a user shared an email that appeared to contain a fake PayPal payment and instructed them to call a number to discuss the charges.

The email, sent from 'noreply@email.apple.com', stated: 'Hello Customer, Your PayPal account has been billed $599.00 (£441.46). We're confirming receipt of your recent payment.'

The fraudulent email was a cleverly disguised iCloud Calendar invite. The scam's text was concealed in the notes section, and the invite was sent to a Microsoft 365 address operated by the scammer.

Apple's system is set up to automatically send an email from its own servers — specifically from 'noreply@email.apple.com' — whenever a calendar event is created. This email shows the calendar owner's name.

In this instance, the invite was sent to a Microsoft 365 account, which is believed to be a mailing list. This account then forwarded the message to several people, much like a previous phishing scam that also involved PayPal.

The attackers' goal was to get victims to call the number. Once on the phone, victims were told their accounts had been compromised. From there, the scammers try to trick people into installing malicious software, which would allow the criminals to steal login details or empty their bank accounts.

What is a Phishing Scam?

The attack is an example of a phishing scam, a type of cybercrime where criminals use deceptive messages to trick their victims. These scams are typically carried out through emails, text messages, or phone calls where the attacker pretends to be a legitimate organisation or person.

They aim to steal sensitive information, such as passwords, bank details, or personal data, or to install malicious software on the victim's device.

Why This Scam is So Effective

Bleeping Computer pointed out that the email the user received came from Apple's own address, which allowed it to get around security filters. Jamie Akhtar, CEO of CyberSmart, explained to Forbes that scammers conceal fake payment alerts, such as a '$599 (£441.46) PayPal charge', within the notes section of a calendar invitation.

Their goal is to trick people into calling fraudulent 'support' numbers, the top executive added. 'Because these invites are sent from Apple's legitimate servers, they pass authentication checks and appear trustworthy, making them far harder for traditional filters to block.'

Don't Take the Bait

Javvad Malik, lead CISO advisor at KnowBe4, stated that this recent report highlights a growing trend of phishing attacks that take advantage of trusted services.

'These attacks, such as the one using iCloud Calendar, pass SPF/DKIM/DMARC and land in inboxes with borrowed legitimacy. People don't scrutinise calendar links the way they do email links, so a meeting invite with a call-back number lowers defences and funnels victims into vishing or remote-access scams.'

Malik pointed out that KnowBe4 Threat Labs has observed similar campaigns that were launched using other legitimate platforms like AppSheet, Microsoft, Google, QuickBooks and Telegram. These attacks successfully bypassed typical security controls, including native security measures and Secure Email Gateways (SEGs).
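As an added defender's example (not code from the report or from any of the vendors quoted above): because the invite genuinely comes from Apple's server, SPF/DKIM/DMARC pass and say nothing about its content, so a filter has to unfold the iCalendar notes field and look for the billing-plus-call-back pattern itself. The message below is constructed for this example; the amount follows the report, the phone number is made up.

```python
import email
import re
from email import policy

# Constructed sample, not a real message: an iCloud-style invite whose notes
# carry the lure. Authentication passes because Apple's own server sent it.
SCAM_EML = """\
From: Apple Calendar <noreply@email.apple.com>
Subject: Invitation: Your PayPal Has Been Billed $599
Authentication-Results: mx.example.com; spf=pass; dkim=pass; dmarc=pass
Content-Type: text/calendar; method=REQUEST; charset=UTF-8

BEGIN:VCALENDAR
BEGIN:VEVENT
SUMMARY:Your PayPal Has Been Billed $599
DESCRIPTION:Hello Customer\\, Your PayPal account has been billed $599.00 (
 £441.46). To dispute this charge call +1-555-0100 now.
END:VEVENT
END:VCALENDAR
"""

MONEY = re.compile(r"[$£€]\s?\d[\d,]*(?:\.\d{2})?")
PHONE = re.compile(r"\+?\d[\d\s().-]{7,}\d")
LURE = re.compile(r"\b(billed|charged|payment|invoice|receipt)\b", re.I)
CALL = re.compile(r"\b(call|contact|dial|phone)\b", re.I)

def ics_text_fields(ics):
    """Return unfolded SUMMARY/DESCRIPTION values from an iCalendar body."""
    unfolded = re.sub(r"\r?\n[ \t]", "", ics)  # undo RFC 5545 line folding
    fields = []
    for line in unfolded.splitlines():
        name, sep, value = line.partition(":")
        if sep and name.split(";")[0].upper() in ("SUMMARY", "DESCRIPTION"):
            fields.append(value.replace("\\,", ",").replace("\\n", "\n"))
    return fields

def score_invite(raw):
    # Flag invites whose notes read like a billing alert with a number to call.
    msg = email.message_from_bytes(raw.encode("utf-8"), policy=policy.default)
    auth = str(msg.get("Authentication-Results", ""))
    hits = []
    for part in msg.walk():
        if part.get_content_type() != "text/calendar":
            continue
        for text in ics_text_fields(part.get_content()):
            if all(p.search(text) for p in (MONEY, LURE, CALL, PHONE)):
                hits.append(text)
    return {"auth_passed": "dmarc=pass" in auth,
            "verdict": "suspicious" if hits else "clean", "hits": hits}
```

A plain meeting invite with only a dial-in number and no currency amount stays clean, so the rule keys on the combination rather than on a phone number alone.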